CVE-2021-40145: 
CBL Mariner vulnerability analysis and mitigation

The vulnerability CVE-2021-40145 affects the GD Graphics Library (LibGD) through version 2.3.2. The issue specifically involves a double free vulnerability in the gdImageGd2Ptr function in gd_gd2.c. The vulnerability was discovered and disclosed in August 2021 (NVD, Snyk).

The vulnerability exists in the gdImageGd2Ptr function within gdgd2.c file of LibGD. It occurs when certain conditions in gdImageGd2 lead to failure, causing the output buffer to be incorrectly allocated, which subsequently results in a double free condition when gdDPExtractData is called. The vulnerability has a CVSS v3.1 base score of 7.5 (High), with attack vector being Network, attack complexity Low, and no privileges or user interaction required (Snyk).

The vulnerability can lead to a total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component. This loss can be either sustained while the attack continues or persistent even after the attack has completed (Snyk).

The vulnerability has been fixed in newer versions of the library. Users should upgrade to LibGD version 2.3.3 or higher. For Ubuntu users, specific fixed versions are available: Ubuntu 14.04 should upgrade to version 2.1.0-3ubuntu0.11+esm2 or higher (Snyk). The vendor notes that the GD2 image format is proprietary to libgd and should be considered obsolete, recommended only for development and testing purposes (NVD).